Maintaining the security of computer resources is a difficult problem, especially as the complexity of such systems increases. One way that computer systems may secure computing resources is to require an entity attempting to access a computing resource to provide credentials—such as a username and password—that may be used to authenticate the identity of the entity and determine whether that entity is authorized to access the resource requested. However, in large-scale computing environments, propagating credentials to multiple entities may be difficult, costly, and/or introduce additional vulnerabilities in a system that may be attacked by an adversary.
Alternatively, a computer system may distribute short-term credentials to authenticate the identity of an entity and determine whether that entity is authorized to access a requested resource. However, short-term credentials in at least some implementations have several shortcomings as compared to user-based credential systems. For example, user-based credential systems may support group behavior where a group of users has a shared set of rights to access certain resources, however, these systems typically authenticate the identity of an entity using a username and password that is setup and determined ahead of time.